MDKSA-2001:065

Problem description

The pseudo-random number generator in OpenSSL versions up to 0.9.6a has
a design flaw. By knowing the output of specific PRNG requests, an
attacker would be able to determine the PRNG's internal state and thus
predict future PRNG output.